Electronic Surveillance Laws: Which Wiretap and Tracking Methods Are Illegal?

Electronic Communications Privacy Act (ECPA, 1986) provides three-title federal framework: Title I Wiretap Act (18 U.S.C. § 2510-2523) regulates real-time interception of wire, oral, and electronic communications with strict probable cause warrant requirements. Title II Stored Communications Act (18 U.S.C. § 2701-2713) regulates access to stored communications and records, with different standards for content versus non-content metadata. Title III Pen Register Act (18 U.S.C. § 3121-3127) regulates installation and use of pen registers and trap-and-trace devices capturing dialing, routing, and addressing information. Wiretap Act Title III warrants under 18 U.S.C. § 2518 require probable cause showing that specific crimes (enumerated list of serious offenses) are being committed, normal investigative procedures have failed or are unlikely to succeed, and target is using identified facilities. Our privacy & cyber security crimes practice handles ECPA framework analysis, Title III warrant challenges, and parallel state law coordination across surveillance cases.

Fourth Amendment search and seizure protections extend to electronic surveillance under reasonable expectation of privacy framework established in Katz v. United States, 389 U.S. 347 (1967). Carpenter v. United States, 585 U.S. 296 (2018) held that government acquisition of historical cell-site location information (CSLI) constitutes Fourth Amendment search requiring warrant, rejecting third-party doctrine application to CSLI. United States v. Jones, 565 U.S. 400 (2012) held that GPS tracker installation on vehicle constituted Fourth Amendment search, with majority emphasizing physical trespass and concurring justices emphasizing privacy expectations in extended tracking. Riley v. California, 573 U.S. 373 (2014) held that warrantless search of arrestee's cell phone violates Fourth Amendment given vast quantity of personal data on modern smartphones. Smith v. Maryland, 442 U.S. 735 (1979) established third-party doctrine permitting warrantless access to information voluntarily shared with third parties, though Carpenter substantially narrowed application for digital era. Our invasion of privacy practice handles Carpenter framework application, third-party doctrine analysis, and parallel reasonable expectation of privacy litigation across electronic surveillance challenges.

Federal Wiretap Act under 18 U.S.C. § 2511(2)(d) permits interception when one party to communication consents (one-party consent rule), with parallel state law variation creating two-tier consent landscape across United States. Approximately 38 states follow federal one-party consent rule, permitting recording when at least one participant consents to interception. Twelve states require all-party consent (commonly called two-party consent): California (Cal. Penal Code § 632), Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Pennsylvania, Washington, and Connecticut (under certain circumstances). Choice-of-law analysis becomes critical when communications cross state lines, with conflicts of law analysis examining where parties are located, where recording occurred, and which state's interests predominate. Our privacy and data protection practice handles consent law analysis, multi-state recording disputes, and parallel California Invasion of Privacy Act (CIPA) compliance across cross-jurisdictional communications.

GPS tracking analysis post-Jones requires warrant for installation of physical tracking device on vehicle, with parallel warrant requirement under Carpenter framework for extended location surveillance generally. Cell-site location information (CSLI) acquisition after Carpenter requires probable cause warrant for historical location data, with ongoing litigation over real-time CSLI, tower dumps, and individual call detail records. Geofence warrants requesting Google or other providers to identify devices present in geographic area during specified time face increasing judicial scrutiny, with United States v. Chatrie (4th Cir. 2024) addressing geofence warrant Fourth Amendment compliance and particularity requirements. Stingray and cell-site simulator devices capable of intercepting cell signals and locating phones face emerging regulatory framework with DOJ policy requiring warrants except in exigent circumstances. Our data privacy litigation practice handles geofence warrant challenges, CSLI suppression motions, and parallel stingray surveillance litigation across emerging location technology disputes.

Employer monitoring of business email systems generally permitted under ECPA business-use exception (18 U.S.C. § 2510(5)(a)) and Stored Communications Act provider exception for accessing communications on employer-owned systems. City of Ontario v. Quon, 560 U.S. 746 (2010) addressed government employer access to employee text messages on government-issued pager, finding reasonable workplace search under O'Connor v. Ortega, 480 U.S. 709 (1987) framework. Private employer monitoring requires careful policy design including written acceptable use policy, employee notice and acknowledgment, business purpose limitations, and parallel state law compliance for personal communications and BYOD scenarios. New York Section 52-c (effective May 2022) requires employers to provide written notice of electronic monitoring to employees with parallel California, Connecticut, and Delaware notice requirements creating state-level compliance landscape. Our cybersecurity and data privacy practice handles employer monitoring program design, employee notice compliance, and parallel multi-state monitoring policy coordination across remote workforce operations.

Foreign Intelligence Surveillance Act (FISA, 50 U.S.C. § 1801 et seq.) provides framework for foreign intelligence surveillance with FISA Court (FISC) oversight of surveillance orders and minimization procedures. FISA Section 702 (50 U.S.C. § 1881a) permits targeting non-US persons reasonably believed to be located outside US for foreign intelligence purposes, with substantial collection of communications and parallel concerns about incidental US person collection. FISA Section 702 reauthorization (Reforming Intelligence and Securing America Act, April 2024) extended Section 702 authorities through April 2026 with new requirements including US person query restrictions, compliance reporting, and FISC review processes. USA PATRIOT Act (2001) and USA FREEDOM Act (2015) created additional foreign intelligence authorities including business records (formerly Section 215) and emergency procedures with various reform measures over time. Our data privacy class action practice handles FISA framework analysis, Section 702 compliance review, and parallel incidental collection challenges across national security surveillance matters.

Wiretap Act statutory suppression remedy under 18 U.S.C. § 2515 and § 2518(10)(a) requires suppression of intercepted communications when interception was unlawfully authorized or executed, providing broader remedy than constitutional exclusionary rule. Fourth Amendment exclusion under Wong Sun v. United States, 371 U.S. 471 (1963) requires suppression of evidence obtained through illegal search plus derivative evidence (fruit of the poisonous tree), with attenuation, independent source, and inevitable discovery exceptions. Modern suppression challenges include CSLI suppression post-Carpenter, geofence warrant particularity challenges, and stingray surveillance disclosure obligations to defendants. Standing requirements under Rakas v. Illinois, 439 U.S. 128 (1978) limit suppression motions to defendants whose own Fourth Amendment rights were violated, with substantial complexity in multi-party communication scenarios. Our privacy violations practice handles suppression motion preparation, Wiretap Act § 2515 statutory challenges, and parallel Wong Sun derivative evidence analysis across federal and state surveillance cases.

ECPA civil cause of action under 18 U.S.C. § 2520 permits private suit against persons who violate Wiretap Act with statutory damages ($10,000 per violation or actual damages plus profits), punitive damages, and attorney fees. Stored Communications Act civil action under 18 U.S.C. § 2707 permits suit for SCA violations with similar statutory damages framework and substantial punitive damages potential. State invasion of privacy claims (intrusion upon seclusion, public disclosure of private facts) provide parallel remedies with state-specific damages frameworks and substantial overlap with federal ECPA claims. Illinois Biometric Information Privacy Act (BIPA), California Consumer Privacy Act/Rights Act (CCPA/CPRA), and emerging state privacy laws create additional civil enforcement frameworks particularly for biometric data, facial recognition, and consumer information collection. Coordinated biometric privacy violations defense manages ECPA civil suit defense, state privacy law coordination, and pa

Employers generally can read employees' business email under ECPA business-use exception and Stored Communications Act provider exception when accessing communications on employer-owned systems with appropriate notice. Most US states permit employer monitoring with proper acceptable use policy and employee acknowledgment, though New York (effective May 2022), California, Connecticut, and Delaware require written notice of electronic monitoring. Personal email accounts and personal devices receive substantially greater protection, with employer access typically requiring specific consent or court authorization.

GPS tracking by law enforcement requires warrant for installation of physical tracking device on vehicle under United States v. Jones (2012), with extended location surveillance generally requiring warrant under Carpenter v. United States (2018) framework. Private GPS tracking faces varying state law, with growing number of states criminalizing non-consensual GPS tracking of vehicles or persons. Domestic violence and stalking contexts often include specific GPS tracking criminal statutes and civil protective order remedies.

Suppression motions under Federal Rule of Criminal Procedure 12(b)(3)(C) must be filed before trial typically within deadlines set by court schedule, alleging specific Fourth Amendment, statutory, or constitutional violations requiring evidence exclusion. Successful suppression motion requires defendant standing (own Fourth Amendment rights violated), specific factual allegations of illegality, and legal authority supporting exclusion remedy. Wiretap Act § 2515 statutory suppression provides broader remedy than constitutional exclusionary rule, with evidence obtained from unlawful interception automatically inadmissible.